Internal Audit clarification - How to perform the audits

jfriess

Involved In Discussions
#1
I have recently received my pre-request for information for my upcoming transition audit. I am confused by one of the requests. They asked for internal audit results to support every new/changed/ modified clause (which is list on the their form).
We do our "system" audit by auditing each of our main processes (7). We follow a format that looks at many different aspects of the standard are being followed during each process. Ex: inputs, output, training, documentation, corrective action, improvement...

We do not perform our audits in a checklist format ensuring that every single clause of the standard is verified each time.

Am I misunderstanding how to perform the audits or misinterpreting what they are looking for?

Any advice would be appreciated.
 
Elsmar Forum Sponsor
#2
I have recently received my pre-request for information for my upcoming transition audit. I am confused by one of the requests. They asked for internal audit results to support every new/changed/ modified clause (which is list on the their form).
We do our "system" audit by auditing each of our main processes (7). We follow a format that looks at many different aspects of the standard are being followed during each process. Ex: inputs, output, training, documentation, corrective action, improvement...

We do not perform our audits in a checklist format ensuring that every single clause of the standard is verified each time.

Am I misunderstanding how to perform the audits or misinterpreting what they are looking for?

Any advice would be appreciated.
Depending on your specific CB/Registrar, they have an underlying objective: They don't want to find a major when they audit. With the 2015 requirements, there are new/changed (modified = changed) requirements which they want YOU to audit to avoid them finding majors.

From what you have described, you may - just for this event - have to adjust your approach (which you should be doing anyways) to address the new/changed.
 

jfriess

Involved In Discussions
#3
That makes sense to avoid Majors. I just thought by performing the Gap Analysis that we did when upgrading, we were checking everything. But it does make sense to double check (which we have just not documented in the audits)

And just to clarify, are you saying we should be doing a checklist approach every internal (system) audit or we should be continuously changing our approach?? This has never been our strongest area and i am just looking for advice on how to strengthen it... We are a small company (50 employees), so we only have 2 auditors.
 
#4
That makes sense to avoid Majors. I just thought by performing the Gap Analysis that we did when upgrading, we were checking everything. But it does make sense to double check (which we have just not documented in the audits)

And just to clarify, are you saying we should be doing a checklist approach every internal (system) audit or we should be continuously changing our approach?? This has never been our strongest area and i am just looking for advice on how to strengthen it... We are a small company (50 employees), so we only have 2 auditors.
For the most part, a gap analysis is simply an administrative look at the requirements and asking "do we do this?"

What the CB/Registrar wants you to do is audit whatever you implemented as a result of closing the "gaps".

I'm not always certain what people mean by "checklists" since they can vary wildly. If the auditor prepares a "shopping list" of things they want to audit, that's the most effective, in my estimation.. The approach will be different, since the "scope" and "criteria" for each audit will necessitate a different shopping list... Does that make sense?
 

Kronos147

Trusted Information Resource
#6
...We do our "system" audit by auditing each of our main processes (7). We follow a format that looks at many different aspects of the standard are being followed during each process. Ex: inputs, output, training, documentation, corrective action, improvement...
Excellent!

Do you have any document that ties in what requirements apply to those 7 processes? Does it say in the manual, perhaps, that you address 8.2 requirements for products\services with your contract review process?

When the internal auditor did the audit, did they know about the document and how they needed to look to ensure those requirements were being met when they assessed the process?
 
Thread starter Similar threads Forum Replies Date
H AS9100 Checklist for Internal Audit needed AS9100, IAQG, NADCAP and Aerospace related Standards and Requirements 1
A What are the pros and cons of using an audit software for internal auditing? General Auditing Discussions 4
F Internal Audit before Pre-Assessment ISO 17025 related Discussions 2
Q Internal audit plan template Internal Auditing 5
L Internal audit during COVID-19 restrictions ISO 13485:2016 - Medical Device Quality Management Systems 5
O ISO13485 implementation - Are internal audits expected before stage 1 audit? Design and Development of Products and Processes 3
B Using Unreleased Documents & Process Maps for Internal Audit purposes ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 12
N Small Company - Internal audit process - Who does the audit? Internal Auditing 16
J Does anyone have an excel IATF 16949 Internal Audit checklist I could use? IATF 16949 - Automotive Quality Systems Standard 7
G Addressing Non-Conformances from an Internal Audit that are not product related ISO 13485:2016 - Medical Device Quality Management Systems 11
S Internal audit discrepancy - We missed a few audits that were scheduled Internal Auditing 12
Raffy ISO 14001 9.2.2 Internal Audit Programme Content Internal Auditing 9
N Internal Audit Schedule – Who gets to set the schedule? Internal Auditing 16
V IATF 16949 9.2.2.1 Internal Audit Program - "Process Changes" IATF 16949 - Automotive Quality Systems Standard 11
G Non Conformance During ISO 9001 Audit - Not All Internal Audits Completed General Auditing Discussions 19
B Using external FDA and ISO 13485 audit as internal audit Internal Auditing 6
T Internal Audit Schedule when Hiring Out Internal Auditing 7
D ISO 9001:2015 Internal Audit Training Advice Internal Auditing 10
M Internal audit consultant ISO 13485 (English speaker) Consultants and Consulting 3
S Implementing a 45001 Health & Safety standard - Internal audit plan wanted Internal Auditing 1
F Internal Audit - Procedure example Internal Auditing 5
C Internal Audit - Process Clause Matrix / Audit Checklist ISO 13485:2016 - Medical Device Quality Management Systems 7
CPhelan Internal audit - Combine similar nonconformities in one or keep separate? Internal Auditing 6
M Internal Audit Plan in Retail Internal Auditing 10
D Management of NC after internal system audit IATF 16949 - Automotive Quality Systems Standard 7
A Purchasing - Internal Audit Questions Internal Auditing 8
N Comprehensive Compliance Matrix for Internal Audit Checklist Other Medical Device Regulations World-Wide 1
W Where to begin with an ISO 9001:2015 internal audit Internal Auditing 13
D Internal audit forms or checklists for a medical/veterinary laboratory General Auditing Discussions 5
E Informational Internal Audits - Wear multiple hats what can and can't I audit (so I'm not auditing my own work) Internal Auditing 144
E ISO 9001:2015 - Internal Audit Plan Clauses General Auditing Discussions 8
S Internal Audit Checklist for Application/Software development IEC 27001 - Information Security Management Systems (ISMS) 1
S Internal Audit - Risk and Opportunity (ISO 9001:2015 ) Internal Auditing 1
F API Spec Q1 9th Edition Surveillance Audit - Questions about internal audits. Oil and Gas Industry Standards and Regulations 23
Ashland78 IATF 16949 Internal Audit Checklist Manufacturing and Related Processes 11
Ed Panek Root Cause CAPAs from internal audit ISO 13485:2016 - Medical Device Quality Management Systems 16
K Student wanting Case Study about Internal Audit Report Internal Auditing 1
R How far apart can you schedule separate areas or departments in your internal audit? Internal Auditing 4
D Auditing Our Outsourced 2nd-3rd Party Internal Audit Company ISO 13485:2016 - Medical Device Quality Management Systems 6
A API Spec Q1 9th Edition - 12 month Internal Audit Schedule Audit Nonconformance Oil and Gas Industry Standards and Regulations 10
J Microsoft Teams to manage Internal Audit System? Internal Auditing 3
tony s An organization's Internal Audit Office certified to ISO 9001:2015 ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 28
Tagin Does ISO 9001:2015 require a full internal audit annually? ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 21
S GM/VP softgrading internal audit finding - need feedback from an audit guru! General Auditing Discussions 11
M Internal Audit Assessment Criteria - ISO 13485:2016 Internal Auditing 21
V Process and Internal Audit Criteria matrix wanted Internal Auditing 8
S Internal Audit Completion Memorandum Internal Auditing 2
T Example wanted - Template for internal audit IATF 16949 IATF 16949 - Automotive Quality Systems Standard 1
a_bardi Is it possible to exclude internal audit from qms scope? ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 5
P Quality objectives - must they include CAPA and internal audit topic? ISO 13485:2016 - Medical Device Quality Management Systems 28

Similar threads

Top Bottom